Long Arrow Right External Link angle-right Search Times Spinner angle-left

Apache Log4j Critical Vulnerability (CVE-2021-44228) in the context of Symetri Naviate applications

15 December 2021

December 9, 2021, the Apache Software Foundation released Log4j 2.15.0 to resolve a critical remote code execution vulnerability (CVE-2021-44228) affecting versions 2.0-beta9 through 2.14.1. Apache Log4j is commonly used Java logging library with Apache Tomcat web applications.  

Vulnerability details can be found from:¬†¬†https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 

Naviate Security Advisory 

  • Naviate for Revit
  • Naviate for Civil 3D
  • Naviate Nexus
  • Naviate Plant3D
  • XL Products

We have not identified any components in the above product families that is affected by Log4j vulnerability.

We are not installing or using anything related to The Log4j library.

Symetri recommendation  

Even though current versions of Naviate products are not affected by this vulnerability, Symetri always recommends its customers to keep their software up to date.  

The latest release are available on www.naviate.com/downloads.

If you have any questions or concerns, please contact your local account manager or the Naviate team info@naviate.com.